In the Coder box from HackTheBox, I manage to acquire a TOTP backup from the Authenticator browser plugin. I'll go through the source code for the plugin to understand how the password is used to decrypt the seed, and then write a JavaScript brute-force script to recover the password for the backup.
HackTheBox Coder: https://www.hackthebox.com/machines/coder
Coder Blog Post: https://0xdf.gitlab.io/2023/12/16/htb-coder.html
Authenticator Source: https://github.com/Authenticator-Extension/Authenticator
[00:00] Introduction
[00:57] Background
[02:05] Source Code Review
[05:29] Getting data to test
[06:50] Starting script to loop over lines
[09:28] Trying decrypt with each password
[10:42] Getting script to run
[12:00] Converting result from hex
[12:34] Updating to only print on success and exit
[13:23] Tweaking to run on real data
[15:44] Conclusion
#pentest #ctf #bugbounty #javascript